packages feed

openid-connect-0.1.1: README.md

[![tests](https://github.com/pjones/openid-connect/actions/workflows/tests.yml/badge.svg)](https://github.com/pjones/openid-connect/actions/workflows/tests.yml)

OpenID Connect 1.0 in Haskell
=============================

An OpenID Connect 1.0 compliant library written in Haskell.

The primary goals of this package are security and usability.

Client Features
---------------

This library mostly focuses on the client side of the OpenID Connect
protocol.

Supported flows:

  * [x] Authorization Code (see `OpenID.Connect.Client.Flow.AuthorizationCode`) (§3.1)
  * [ ] Implicit (partial implementation, patches welcome) (§3.2)
  * [ ] Hybrid (partial implementation, patches welcome) (§3.3)

Significant features:

  * ID Token validation via the [jose][] library (§2)
  * Additional OIDC claim validation (e.g., `nonce`, `azp`, etc.) (§2)
  * Full support for all defined forms of client authentication (§9)
  * Handles session cookie generation and validation (§3.1.2.1, §15.5.2)
  * Dynamic Client Registration 1.0.

Provider Features
-----------------

Some utility types and functions are available to assist in the
writing of an OIDC Provider:

  * Discovery document (OpenID Connect Discovery 1.0 §3)
  * Key generation (simple wrapper around [jose][])

[jose]: https://hackage.haskell.org/package/jose

Certification Status
--------------------

We plan on fully [certifying][cert] this implementation using the
following profiles:

  * [ ] Basic Relying Party
  * [ ] Implicit Relying Party
  * [ ] Hybrid Relying Party
  * [ ] Relying Party Using Configuration Information
  * [ ] Dynamic Relying Party
  * [ ] Form Post Relying Party

[cert]: https://openid.net/certification/instructions/

Specifications and RFCs
-----------------------

  * [OpenID Connect Core](http://openid.net/specs/openid-connect-core-1_0.html)
  * [OpenID Connect Discovery](http://openid.net/specs/openid-connect-discovery-1_0.html)
  * [The OAuth 2.0 Authorization Framework (RFC6749)](https://tools.ietf.org/html/rfc6749)
  * [JSON Web Token (RFC7519)](https://tools.ietf.org/html/rfc7519)
  * [JSON Web Signature (RFC7515)](https://tools.ietf.org/html/rfc7515)
  * [JSON Web Key (RFC7517)](https://www.rfc-editor.org/rfc/rfc7517.htmlhttps://www.rfc-editor.org/rfc/rfc7517.html)